Security update for java-1_7_1-ibm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0304-1 Final 1 1 2015-02-10T14:23:41Z current 2015-02-10T14:23:41Z 2015-02-10T14:23:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_1-ibm java-1_7_1-ibm was updated to fix two security issues. These security issues were fixed: - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SDK-12-2015-80,SUSE-SLE-SERVER-12-2015-80 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/ Link for SUSE-SU-2015:0304-1 https://lists.suse.com/pipermail/sle-security-updates/2015-February/001231.html E-Mail link for SUSE-SU-2015:0304-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/916265 SUSE Bug 916265 https://bugzilla.suse.com/916266 SUSE Bug 916266 https://www.suse.com/security/cve/CVE-2014-8891/ SUSE CVE CVE-2014-8891 page https://www.suse.com/security/cve/CVE-2014-8892/ SUSE CVE CVE-2014-8892 page SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 java-1_7_1-ibm-1.7.1_sr2.10-8.1 java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 java-1_7_1-ibm-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_1-ibm-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Software Development Kit 12 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. CVE-2014-8891 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/ https://www.suse.com/security/cve/CVE-2014-8891.html CVE-2014-8891 https://bugzilla.suse.com/916266 SUSE Bug 916266 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. CVE-2014-8892 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 important 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/ https://www.suse.com/security/cve/CVE-2014-8892.html CVE-2014-8892 https://bugzilla.suse.com/916265 SUSE Bug 916265